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DETAILED ACTION 

1 . Claims 1, 3-10, 12-16 are presented for examination. 

2. Claims 2 and 1 1 are cancelled without prejudice. 

3. Claims 1 5-1 6 are newly added. 

Response to Arguments 

4. Applicant's arguments filed on March 31 , 2008 have been fully 
considered but they are not persuasive because of the following reasons: 

5. Applicant argues that the prior art does not teach or suggest the 
feature of performing an automated security scan of a second network device by 
a first network device to determine a capability of the second network device. 

6. In response to applicant's argument, the examiner submits that Win 
does teach the feature of performing an automated security scan of a second 
network device by a first network device to determine a capability of the second 
network device as shown in line 8, col. 8, line 23-col. 9, line 40, col. 10, line 64- 
col. 12. 

7. In addition, as the independent claims 9, 14 and 16 recited similar 
feature of claim 1 as discussed above. Therefore, the rejection to independent 
claims 1, 9, 14 and 16 are sustained. 

8. Applicants still have failed to identify specific claim limitations that 
would define a patentable distinction over cited prior arts. Therefore, the 
examiner asserts that cited prior art teaches or suggests the subject matter 
broadly recited in independent claims 1, 9, 14 and 16. Claims 3-8, 10, 12-13, 
and 15 are also rejected at least by virtue of their dependency on independent 
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claims and by other reasons set forth in this office action below. Accordingly, 
claims 1, 3-10, 12-16 are respectfully rejected. 

Claim Rejections - 35 USC § 103 

9. The following is a quotation of 35 U.S.C. 1 03(a) which forms the 
basis for all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

10. Claims 1-14 are rejected under 35 U.S.C. § 103 (a) as being 
unpatentable over Win et al. (hereinafter Win) U.S. Patent No. 6,453,353, in view 
of Wright et al. (hereinafter Wright) U.S. Pub. No. 2004/0123153. 

11. As to claims 1,14 and 16, Win teaches a method, comprising: 
performing an automated security scan of a second network device by a first 
network device to determine a capability of the second network device (line 8, 
col. 8, line 23-col. 9, line 40, col. 10, line 64-col. 12); generating an attribute 
certificate based in part on the attribute (col. 7, line 34-col. 8, line 46, col. 10, line 
34-col. 11, line 9); storing the attribute certificate including the attribute (col. 6, 
line 20-65, col. 10, lines 14-67); and responsive to a verified authentication 
request, determining, that the attribute certificate is valid and authorizing access 
to a resource over a network based, in part, on the attribute associated with the 
attribute certificate (col. 9, line 14-col. 10, line 67, col.11, line 43-col. 12, line 8). 
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Win teaches the feature of determining an attribute based on a capability 
of users (abstract, figure 1, col. 6, lines 58-65, col. 11, line 42-col. 12, line 8). 
However, Win does not explicitly teach determining an attribute based, in part, on 
the determined capability. 

Wright teaches the feature of determining an attribute based, in part, on 
the determined capability ([0066-0067], [0078]-[0121]). 

It would have been obvious to one of ordinary skill in the Data Processing 
art at the time of the invention was made to combine the teachings of Wright into 
Win to include the feature of determining an attribute based, in part, on the 
determined capability because it would have provided different levels of security 
protection for different location and/or security features are highly desirable for 
network device. 

12. As to claim 3, Win teaches wherein the attribute is further 
determined based, in part, on a condition to be satisfied (figure 3, col. 8, lines 5- 
63). 

1 3. As to claim 4, Win teaches wherein the attribute is further 
associated with a group of network devices (col. 13, lines 35-67). 

14. As to claim 5, Win teaches wherein the attribute is further 
associated with a group of users (col. 13, lines 35-67). 
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1 5. As to claim 6, Win teaches, wherein the attribute certificate is 
generated by at least one of the first network device, an access server, and an 
attribute authority (figure 1). 

16. As to claim 7, Win teaches wherein the attribute certificate is stored 
in at least one of the second network device, and an attribute repository (figure 
1)- 

1 7. As to claim 8, Win teaches wherein the attribute certificate is 
provided to an access server through the use of at least one of a cookie, a 
program, and a manual upload (col. 10, line 41 -col. 12, lines 8). 

18. As to claim 9, Win teaches an apparatus, comprising: an interface 
configured to perform an automated security scan of a network device to 
determine a capability of the network device (col. 10, line 64-col. 12, line 8, col. 8, 
line 23-col. 9, line 40, col. 10, line 34-67); a memory configured to store the 
attribute certificate including the attribute (col. 7, line 34-col. 8, line 46, col. 10, 
line 34-col. 11, line 9); responsive to a verified authentication request, the 
processor further configured to determine that the attribute certificate is valid and 
to authorize access to a resource over a network based, in part, on the attribute 
associated with the attribute certificate (col. 9, line 14-col. 10, line 67, col .11, line 
43-col. 12, line 8). 
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Win teaches the processor configured to generate an attribute certificate, 
wherein the attribute certificate is based, in part, on a capability of users 
(abstract, figure 1, col. 6, lines 58-65, col. 11, line42-col. 12, line 8). However, 
Win does not explicitly teach a processor configured to determine an attribute 
based, in part on the determined capability; the processor further configured to 
generate an attribute certificate based, in part, on the attribute. 

Wright teaches the processor further configured to generate an attribute 
certificate based, in part, on the attribute ([0066-0067], [0078]-[0121]). 

It would have been obvious to one of ordinary skill in the Data Processing 
art at the time of the invention was made to combine the teachings of Wright into 
Win to include the feature of determining an attribute based on the determined 
capability of a network device because it would have provided different levels of 
security protection for different location and/or security features are highly 
desirable for network device. 

19. As to claim 10, Win teaches wherein the processor is further 
configured to generate the attribute certificate based on a condition to be 
satisfied (figure 3, col. 8, lines 5-63). 

20. As to claim 12, Win teaches wherein the processor is further 
configured to generate the attribute certificate based on the automated security 
scan of the other network device (abstract, col. 5, line 55-col. 6, line 10, col. 10, 
lines 34-67). 
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21 . As to claim 13, Win teaches wherein the interface is further 
configured to send the attribute certificate to the network device to be stored 
(figure 1). 

22. As to claim 15, Win teaches wherein the means to perform an 
automated scan comprises an interface; and the means for determining, 
generating, storing, and means responsive comprises a central processing unit 
coupled to the interface and further coupled to a memory (col. 7, line 34-col. 8, 
line 46, col. 1 0, line 34-col. 1 1 , line 9). 

Conclusion 

23. The prior art made of record and not relied upon is considered 
pertinent to applicant's disclosure. 

24. Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Thu Ha Nguyen, whose 
telephone number is (571 ) 272-3989. The examiner can normally be reached 
Monday through Friday from 8:30 AM to 5:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Glenton Burgess, can be reached at (571) 272-3949. 
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The fax phone numbers for the organization where this application or 
proceeding is assigned are (571 ) 273-8300 for regular communications. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov . Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 



/THUHAT. NGUYEN/ 
Primary Examiner, Art Unit 2153 
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